[Resolved in 5.2.1] Spring Security 5.2.0.RELEASE has incompatibilities not mentioned in the release notes

Target

What is incompatible

The throws Exception has been removed from theconfigure (WebSecurity)method definition of the WebSecurityConfigurerAdapter.

The commit difference is here. Besides WebSecurityConfigurerAdapter, there are many classes with similar changes.

This causes a compilation error in the WebSecurityConfigurerAdapter subclass when upgrading the library from 5.1.x to 5.2.0.RELEASE. This is because there is no throws Exception in the override source.

Example of WebSecurityConfigurerAdapter subclass (before change)


@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //This method causes a compile error
    @Override
    public configure(WebSecurity web) throws Exception {
        // ...
    }
}

[2019/11/07 postscript] In Spring Security 5.2.1.RELEASE, the deleted throws Exception has been restored! -> Commit history

Countermeasures

Let's remove the throws Exception from theconfigure (WebSecurity)method.

WebSecurityConfigurerAdapter subclass example (after modification)


@EnableWebSecurity
public class SecurityConfig extends WebSecurityConfigurerAdapter {

    //This will not cause a compile error
    @Override
    public configure(WebSecurity web) {
        // ...
    }
}

According to the commit log mentioned above (https://github.com/spring-projects/spring-security/commit/34dd5fea30d4e3d862dfc675cb97cf967a6ad25b#diff-5b46e0ff6fdabbe97888183284338784), throws Exception has been removed from many other methods. It seems.

If you are using these methods, you will all have to do the same.

[2019/11/07 postscript] Those who took this measure in 5.2.0 should not need to add throws Exception when upgrading to 5.2.1.

However···

I don't want you to do this. .. ..

It is listed in Spring Security Issue.

Recommended Posts

[Resolved in 5.2.1] Spring Security 5.2.0.RELEASE has incompatibilities not mentioned in the release notes
Contributed to Gradle and was named in the release notes
Response header may not be output correctly in Spring Security 4.1
Organized notes in the head (Java-Exceptions)
Thymeleaf usage notes in Spring Boot
JSESSIONID could not be assigned to the URL when using Spring Security