Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to Use hasIpAddress() Method After Migrating to authorizeHttpRequests() in Spring Security 6 #13474

Closed
awxiaoxian2020 opened this issue Jul 10, 2023 · 1 comment
Closed

Unable to Use hasIpAddress() Method After Migrating to authorizeHttpRequests() in Spring Security 6 #13474

awxiaoxian2020 opened this issue Jul 10, 2023 · 1 comment
Labels
status: waiting-for-triage An issue we've not yet triaged type: bug A general bug

Comments

@awxiaoxian2020
Copy link

awxiaoxian2020 commented Jul 10, 2023
edited

Describe the bug
After migrating to Spring Security 6 and replacing the deprecated authorizeRequests(...) method with authorizeHttpRequests(...), the hasIpAddress() method is no longer accessible, resulting in a compilation error.

To Reproduce
Steps to reproduce the behavior:

  1. Upgrade the Spring Security version to 6.x.
  2. Replace the usage of authorizeRequests(...) with authorizeHttpRequests(...) in the code.
  3. Add a configuration that includes the hasIpAddress() method with authorizeHttpRequests(...).
  4. Attempt to compile the code and observe the error.

Expected behavior
I expected to be able to use the hasIpAddress() method within the authorizeHttpRequests(...) configuration, without encountering any compilation errors.

Sample

@Bean
public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Exception {
    return http
            .csrf(csrf -> csrf.disable())
            .sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS))
            .authorizeHttpRequests(authorize -> authorize
                    .requestMatchers("/api/user/account/token/", "/api/user/account/register/").permitAll()
                    .requestMatchers("/pk/game/start/", "/pk/receive/bot/move/").hasIpAddress("127.0.0.1")
                    .requestMatchers(HttpMethod.OPTIONS).permitAll()
                    .anyRequest().authenticated()
            )
            .addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class)
            .build();
}
@awxiaoxian2020 awxiaoxian2020 added status: waiting-for-triage An issue we've not yet triaged type: bug A general bug labels Jul 10, 2023
@jzheaux
Copy link
Contributor

jzheaux commented Jul 10, 2023
edited

There are no plans to port over hasIpAddress to the latest support.

Instead, please use:

IpAddressMatcher hasIpAddress = new IpAddressMatcher("127.0.0.1");

// ...

.access((authentication, context) -> new AuthorizationDecision(hasIpAddress.matches(context.getRequest())))

I'll update the migration guide to mention this.

@jzheaux jzheaux mentioned this issue Jul 10, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status: waiting-for-triage An issue we've not yet triaged type: bug A general bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jzheaux @awxiaoxian2020