java - Upgrading from Spring Framework 5 to 6 (Spring Security 5.7.2 to 6.3.4) - Stack Overflow

admin管理员组

文章数量:1435270

I'm currently migrating my application to Spring Framework 6, which required updating the javax namespace to jakarta. While most components seem to be working, I’m facing an issue specifically with the authentication configuration and can’t pinpoint the cause.

Details: security.xml configuration:

<security:http authentication-manager-ref="authenticationManager" entry-point-ref="processingFilterEntryPoint" use-expressions="true">
    <security:intercept-url pattern="/msui_login**" access="isAnonymous()" />
    <security:intercept-url pattern="/**" access="isAuthenticated()" />
    <security:custom-filter ref="processingFilter" after="LOGOUT_FILTER" />
    <security:logout success-handler-ref="logoutSuccessHandler" />
    <security:csrf disabled="true" /> 
    <security:headers>
        <security:frame-options policy="SAMEORIGIN" />
    </security:headers>
</security:http>

 <bean id="authenticationManager" class=".springframework.security.authentication.ProviderManager">
        <constructor-arg>
            <list>
                <ref bean="authenticationProvider" />
            </list>
        </constructor-arg>
    </bean>

I've verified that authenticationProvider is returning the correct Authentication object. However, for the pattern /**, when it checks isAuthenticated, control is being redirected to processingFilterEntryPoint instead. This suggests that Spring Security might not be handling the Authentication object as expected. Could there have been any changes in Spring Security 6.x affecting this behavior? Any insights or troubleshooting tips would be greatly appreciated.

Environment:

Spring Framework: 6.1.x
Spring Security: 6.3.x
Tomcat: 10.1.x

本文标签： javaUpgrading from Spring Framework 5 to 6 (Spring Security 572 to 634)Stack Overflow